Mitigate risk by deploying social media policies

Not long ago, if you wanted to get the word out about a great new product or service, you would have had to use the method popularized in the 1980's Faberge Organics shampoo ads. “They’ll tell two friends, and they’ll tell two friends…”

Of course, in that simpler time, before Friendster opened the gates to social media, when someone said something regrettable, well, it was easier to apologize to whomever heard it. But today, “The biggest challenge is to use social media effectively,” says Tim Tropp, corporate vice president, ethics and sustainability, Arthur J. Gallagher & Co. “We all think in the 21st century that we know a lot about social media because we use it a lot, but we do not.”

When worlds collide

One of the biggest problems that companies face is that employees have a tendency to intermingle their personal and professional lives when it comes to social media. This creates all sorts of headaches.

Take the example of an attorney who jokingly posts on a photo on social media “you should steal that for me.” This seemingly innocent comment can create a rash of problems. “There's reputational damage if someone took that seriously,” says Daniel Roffman, a managing director at FTI Technology, “And there are risks to corporations beyond that… we might have a client email we are responding to, then we are on social media in a matter of seconds, inadvertently copying and pasting something into the wrong window.” In this way, he says, an employee can reveal trade secrets, source code, client information or other sensitive data.

While all companies face social media risk, for certain industries, that risk is more acute, and those industries have stepped up their policies. “Financial services is the vanguard with respect to specific social media guidelines,” says Norv Leong, director of product marketing at Actiance, Inc. “Healthcare is another big player, what with HIPAA and information like patient records and social security numbers.”

Leong also cites the energy and utility industry as well as the pharma space as areas of business that that have the greatest need to implement strong social media controls.

Devising a policy

To address these concerns and more, experts say that, in this day and age, companies must have a clear social media policy. Both 3M and Arthur J. Gallagher have clearly delineated social media policies that they have disseminated to employees.

The 3M policy, for example, outlines certain basic standards that begin with the company's general policies, including its code of conduct. Other tenants of the social media standard include: “Be transparent; be sensible; be responsible; protect confidential and proprietary information; don't forget your 3M job and be thoughtful when mixing your business and personal lives.” This last point is echoed in the Gallagher social media policy, which further reminds employees to add disclaimers such as: “The views expressed on this post are mine and do not necessarily reflect the views of Arthur J. Gallagher & Co.”

For a large, multinational company like 3M, though, there were a number of challenges to overcome.

“We wanted to make sure the standards reflected the very different markets we serve and our business groups,” says Jim Zappa, vice president, associate general counsel and chief compliance officer at 3M. “The social media sophistication in those groups (such as consumer and healthcare) varies, so rather than develop a detailed standard that creates requirements based on how much they use social media, we developed parameters in which they operate.”

The 3M legal team described these parameters as “guardrails,” which protect and guide employees, but allow them for flexibility within a certain framework.

Team effort

Of course, a comprehensive policy will involve a number of stakeholders. “Get the legal side involved,” advises Leong. “Get input from compliance, risk management, marketing, HR. Make it a collaborative effort.”

At Arthur J. Gallagher & Co., there are also a number of departments involved in the social media policy, though each member of the team has a specific responsibility. The company hired a specialist to head up social media initiatives. She is the point person for social media, but she involves other members of the team, such as the chief ethics officer, chief compliance officer, members of the HR team and, of course, the general counsel.

According to Mike Kauffman, senior division counsel at 3M, the company's social media standard initiative was jumpstarted by the general counsel in 2009, as were the revisions to the policy that were drafted in 2013.

“The privacy attorney was a co-chair and I was the other co-chair,” he explains. “We pulled in other experts in legal, from software to IP issues to employee issues as well as paralegals and the consumer and business legal team.”

Other solutions

As anyone who fights forest fires can tell you, sometimes you have to fight fire with fire, so when high-tech problems are an issue, it can be wise to explore high-tech solutions to reinforce strong social media policies. When choosing a tech solution, though, there are a few points that businesses should keep in mind.

“Do your due diligence on the tech vendors,” explains Leong. “Get a feeling for their granular capabilities. Social media is here in a business context, so you don't want to shut it off completely.” Instead, find a solution that allows users to adjust rules so that you can easily deactivate Facebook “likes” or monitor LinkedIn recommendations or Twitter retweets, which could be construed as recommendations or predictions. After all, if your business is trying to attract millenials to job openings, having a policy that forbids social media use will make you look like a dinosaur.

Once a company selects the proper tools, it's important for a general counsel to become familiar with their capabilities. How does it interact with e-discovery concerns, for example, as the collection of social data is now an integral part of that process, and not all social media tools can efficiently sift through the inevitably complex web of personal and professional posts that can include text, images and video.

Crafting compliance

Even with a software tool at your disposal, the foundational element of any company's social media strategy should be a sound policy. And, of course, that policy should tie closely into the compliance department. “The compliance department supports the awareness we want people to have,” explains Zappa. “We tie our social media into other training programs. In our confidential information program, we reference social media as a way of sharing. In our respectful workplace program, we mention social media as a way to talk about co-workers.”

It's important to keep social media in mind as just another channel of communication. Workers can sometimes slip into different personas on social media, but, in the end, it's not that different from interacting with people in the real world: Common sense must prevail.

But, even with guardrails in place, companies should be cautious about making policies that are too restrictive, for risk of losing the benefits that social media can bring.

“When I talk to 3M employees in social media, they explain about engagement. It's not about selling. The company has to be willing to have fun, to take risks, be authentic and transparent,” adds Kauffman.

And, if protected by the social media policy, employees can have that fun without running the risk of driving off a cliff.